p15693087
/
django
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Added request.session.delete_test_cookie() 

git-svn-id: http://code.djangoproject.com/svn/django/trunk@669 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Adrian Holovaty 2005-09-23 01:28:44 +00:00
parent 3dc1ede871
commit 39a907a051
4 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
django/middleware/admin.py
View File

@ -81,6 +81,7 @@ class AdminUserRequired:
request.user = user request.user = user
return return
else: else:
request.session.delete_test_cookie()
return httpwrappers.HttpResponseRedirect(request.path) return httpwrappers.HttpResponseRedirect(request.path)
else: else:
return self.display_login_form(request, ERROR_MESSAGE) return self.display_login_form(request, ERROR_MESSAGE)

3
django/middleware/sessions.py
View File

@ -30,6 +30,9 @@ class SessionWrapper(object):
def test_cookie_worked(self): def test_cookie_worked(self):
return self.get(TEST_COOKIE_NAME) == TEST_COOKIE_VALUE return self.get(TEST_COOKIE_NAME) == TEST_COOKIE_VALUE
def delete_test_cookie(self):
del self[TEST_COOKIE_NAME]
def _get_session(self): def _get_session(self):
# Lazily loads session from storage. # Lazily loads session from storage.
try: try:

1
django/views/auth/login.py
View File

@ -18,6 +18,7 @@ def login(request):
if not redirect_to or '://' in redirect_to or ' ' in redirect_to: if not redirect_to or '://' in redirect_to or ' ' in redirect_to:
redirect_to = '/accounts/profile/' redirect_to = '/accounts/profile/'
request.session[users.SESSION_KEY] = manipulator.get_user_id() request.session[users.SESSION_KEY] = manipulator.get_user_id()
request.session.delete_test_cookie()
return HttpResponseRedirect(redirect_to) return HttpResponseRedirect(redirect_to)
else: else:
errors = {} errors = {}

9
docs/sessions.txt
View File

@ -46,7 +46,7 @@ It implements the following standard dictionary methods:
* ``get(key, default=None)`` * ``get(key, default=None)``
Example: ``fav_color = request.session.get('fav_color', 'red')`` Example: ``fav_color = request.session.get('fav_color', 'red')``
It also has these two methods: It also has these three methods:
* ``set_test_cookie()`` * ``set_test_cookie()``
Sets a test cookie to determine whether the user's browser supports Sets a test cookie to determine whether the user's browser supports
@ -60,6 +60,9 @@ It also has these two methods:
have to call ``set_test_cookie()`` on a previous, separate page request. have to call ``set_test_cookie()`` on a previous, separate page request.
See "Setting test cookies" below for more information. See "Setting test cookies" below for more information.
* ``delete_test_cookie()``
Deletes the test cookie. Use this to clean up after yourself.
You can edit ``request.session`` at any point in your view. You can edit it You can edit ``request.session`` at any point in your view. You can edit it
multiple times. multiple times.
@ -120,11 +123,15 @@ This awkward split between ``set_test_cookie()`` and ``test_cookie_worked()``
is necessary due to the way cookies work. When you set a cookie, you can't is necessary due to the way cookies work. When you set a cookie, you can't
actually tell whether a browser accepted it until the browser's next request. actually tell whether a browser accepted it until the browser's next request.
It's good practice to use ``delete_test_cookie()`` to clean up after yourself.
Do this after you've verified that the test cookie worked.
Here's a typical usage example:: Here's a typical usage example::
def login(request): def login(request):
if request.POST: if request.POST:
if request.session.test_cookie_worked(): if request.session.test_cookie_worked():
request.session.delete_test_cookie()
return HttpResponse("You're logged in.") return HttpResponse("You're logged in.")
else: else:
return HttpResponse("Please enable cookies and try again.") return HttpResponse("Please enable cookies and try again.")